From: Ignaz Forster <iforster@xxxxxxx> In vfs_getxattr a query of "security.selinux" will return "unlabeled", while in __vfs_getxattr -ENODATA will be returned for the same query. This causes a difference in the generated EVM hashes for the file on the underlying file system and overlayfs. Circumvent this by calling __vfs_getxattr directly. Co-developed-by: Fabian Vogt <fvogt@xxxxxxx> Signed-off-by: Fabian Vogt <fvogt@xxxxxxx> Signed-off-by: Ignaz Forster <iforster@xxxxxxx> --- fs/overlayfs/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 3b7ed5d2279c..e2c737936576 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -374,7 +374,8 @@ int ovl_xattr_get(struct dentry *dentry, struct inode *inode, const char *name, ovl_i_dentry_upper(inode) ?: ovl_dentry_lower(dentry); old_cred = ovl_override_creds(dentry->d_sb); - res = vfs_getxattr(realdentry, name, value, size); + res = __vfs_getxattr(realdentry, d_backing_inode(realdentry), + name, value, size); revert_creds(old_cred); return res; } -- 2.20.1
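Review bot: The switch to `__vfs_getxattr` in `ovl_xattr_get` applies to every `name` passed in, but the commit message only motivates it for "security.selinux" and the EVM hash mismatch. The double-underscore helper goes straight to the xattr handler, so the permission and LSM checks that `vfs_getxattr` ran on `realdentry` under `ovl_override_creds` no longer run for any attribute. Please say in the commit message whether that is intended. If it is not, either restrict the direct call to the case that needs it or keep the checks and handle only the "unlabeled" fallback. A short comment above the call explaining why the raw helper is used would also keep a later cleanup from reverting it to `vfs_getxattr`.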